Supply Chain Security Inside and Out

3 minute read time

Every organization needs to safeguard its SDLC. Take a look at two key aspects of ensuring external and internal security for your software supply chain.

Protecting Software Developers from Malware with AI/ML Insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.

Sonatype Repository Firewall is an Easy Solution for a Big Problem

6 minute read time

Discover Sonatype Repository Firewall's AI-driven protection for SDLCs, blocking malicious components and ensuring a more secure software supply chain.

PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero

By Ax Sharma on August 11, 2022 vulnerabilities

7 minute read time

Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.

Python Packages Upload Your AWS Keys, env vars, Secrets to the Web

By Ax Sharma on June 23, 2022 vulnerabilities

5 minute read time

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

New 'pymafka' Malicious Package Drops Cobalt Strike on macOS, Windows, Linux

By Ax Sharma on May 20, 2022 vulnerabilities

5 minute read time

The 'pymafka' PyPI package is filled with trojans targeting Windows, macOS & Linux users and appears to typosquat the popular PyKafka.

Open Source Attacks on the Rise: Top 8 Malicious Packages Found in npm

By Ax Sharma on June 08, 2021 featured

10 minute read time

We're rounding up the top 8 malicious cyber attacks on npm that Sonatype has discovered with its next-gen open source security and malware detection tool.

New Language? No Problem. New Ecosystems in Sonatype Lifecycle and Repository Firewall

By Alyssa Shames on May 13, 2020 Product

5 minute read time

New ecosystems added to Sonatype Lifecycle and Repository Firewall: Alpine, Bower, Cargo, CocoaPods, Conda, Conan, Composer, CRAN, Debian, Drupal & rpm.

Sonatype Repository Firewall Now Supports JFrog Artifactory Customers

By Michelle Dufty on February 28, 2019 artifact repository

1 minute read time

Artifactory customers can now protect their perimeter from risky open source with Sonatype Repository Firewall.